Introduction to Part D

18.1 Part D of this Report recommends reforming the privacy principles in the Privacy Act 1988 (Cth). Currently, the Act contains two sets of privacy principles: the Information Privacy Principles (IPPs),[1] which apply to public sector ‘agencies’; and the National Privacy Principles (NPPs),[2] which apply to private sector ‘organisations’.[3] Both sets of privacy principles regulate the handling of personal information. They do not cover other areas of privacy such as bodily privacy, surveillance, or communications privacy.

18.2 In this Part, the ALRC recommends reforming the existing privacy principles in two main ways: first, by consolidating the IPPs and NPPs; and secondly, by amending, where warranted, the substantive content of the privacy principles.

18.3 This chapter considers reform to the structure of the privacy principles. It explains how the IPPs and NPPs currently operate and recommends the creation of a single, unified set of privacy principles, to apply across the public and private sectors.

18.4 For convenience, this Report refers to the recommended single set of privacy principles as the Unified Privacy Principles (UPPs), a term used to reflect the fact that they are largely the product of unifying the NPPs and IPPs. Upon the implementation of the ALRC’s recommendation to adopt a single set of principles in the Privacy Act, it is likely that a different term will be used to describe the privacy principles.

18.5 The ALRC has drafted model UPPs for the purposes of this Report.[4] These model UPPs are merely indicative of how the privacy principles in the Act may appear if the ALRC’s relevant recommendations were to be implemented. The ALRC anticipates that, if its recommendations are accepted, the Australian Government will instruct the Office of Parliamentary Counsel to draft the new privacy principles using the ALRC’s recommendations as a template, rather than simply adopting the ALRC’s model UPPs in their current form.

18.6 The remaining chapters in Part D recommend reform to the substantive content of the privacy principles. They proceed largely on the assumption that the ALRC’s recommendations in this chapter will be implemented. Nevertheless, even if some or all of the recommendations in this chapter are not implemented, the other recommendations in this Part remain applicable insofar as they focus on reform to the substantive requirements of the Act’s two existing sets of privacy principles, the IPPs and NPPs.

18.7 In this Part, the ALRC analyses privacy thematically. In relation to each aspect of the principles there is a brief explanation of how the IPPs and NPPs currently apply and a summary of any relevant issues relating to their operation. This is followed by the ALRC’s recommendations for reforming the applicable privacy principle or, where relevant, for the provision of specific guidance by the Office of the Privacy Commissioner (OPC).

[1] See Privacy Act 1988 (Cth) s 14.

[2] See Ibid sch 3.

[3] The terms ‘agency’ and ‘organisation’ are defined, respectively, in Ibid ss 6(1) and 6C.

[4] The model UPPs are set out in full at the beginning of this Report. They are also reproduced individually in relevant chapters in this Part.